Comment by torginus
1 day ago
I just checked out Servo, and like all browsers it has a VERY large footprint of dependencies (notably GStreamer/GObject, libpng/jpeg, PCRE). Considering browsers have quite the decent process isolation (the whole browser process vs heavily sandboxed renderer processes), I wonder how tangible the Rust advantage turns out to be.
Browsers have had sandboxing for well over a decade, and the 3-4 catastrophic vulnerabilities per year happen in spite of that.
And most of them are in the browser code itself, not in dependencies. By far the biggest offender tends to be the JavaScript engine.
Are you sure?
I just looked at the top CVEs for Chrome in 2025. There are 5 which allow escaping the sandbox, and the top ones seem to be V8 bugs where the JIT is coaxed into generating exploitable code. One seems to be a genuine use-after-free.
So I can echo what you wrote about the JS engine being most exploitable, but how is Rust supposed to help with generating memory-safe JITed code?
Like this: https://github.com/nbp/holyjit